cd5d681f249663dde55b694693ead4e63ff1d626e5db57975aeaa41e65205c37 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

TwentyApp.exe

windows7-x64

9

TwentyApp.exe

windows10-2004-x64

9

Sharing

General

Target

TwentyApp.exe
Size

3.3MB
Sample

230327-qmblwaff7t
MD5

5e2b1df5effbe5123eeff6752af2ca59
SHA1

2e1597b42c40155aa4f56ed708ea4aeb2a5d8698
SHA256

cd5d681f249663dde55b694693ead4e63ff1d626e5db57975aeaa41e65205c37
SHA512

e1ce42dbea6940dbf883ba32f4e934dce2803606a3109369ddfc9cf47e89d82f4f6fcb1854a0745a0e4cb0ad1e095627f35c03a06fa5f42693638039b58698c2
SSDEEP

98304:mZgO4UAJkCxZt3e0Y6qRlp5CNMqMDstLS7cqjAny:mZg3JlB3gXRlpkMqUM6cqjo

Score

9^/10

evasion ransomware themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TwentyApp.exe

Resource

win7-20230220-en

evasion themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

TwentyApp.exe

Resource

win10v2004-20230220-en

evasion ransomware themida trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  TwentyApp.exe
- Size
  
  3.3MB
- MD5
  
  5e2b1df5effbe5123eeff6752af2ca59
- SHA1
  
  2e1597b42c40155aa4f56ed708ea4aeb2a5d8698
- SHA256
  
  cd5d681f249663dde55b694693ead4e63ff1d626e5db57975aeaa41e65205c37
- SHA512
  
  e1ce42dbea6940dbf883ba32f4e934dce2803606a3109369ddfc9cf47e89d82f4f6fcb1854a0745a0e4cb0ad1e095627f35c03a06fa5f42693638039b58698c2
- SSDEEP
  
  98304:mZgO4UAJkCxZt3e0Y6qRlp5CNMqMDstLS7cqjAny:mZg3JlB3gXRlpkMqUM6cqjo
Score

9^/10

evasion themida trojan ransomware
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionransomwarethemidatrojan

© 2018-2024

Terms | Privacy